1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to data processing units implementing ciphering or deciphering algorithms. The present invention more specifically relates to mechanisms for protecting one or several keys manipulated by such algorithms. In particular, the present invention applies to the detection of a unidirectional perturbation of bits of such a key.
2. Discussion of the Related Art
When a processing unit (typically, a cryptoprocessor) is used to implement a ciphering algorithm, it is desired to verify that the manipulated key is not modified (incidentally or deliberately), either during its transfer to the cryptoprocessor from an external circuit, or once in it while it is contained in a specific register of this cryptoprocessor. Attacks aiming at perturbing the state of the bit of a register of the cryptoprocessor generally are attacks using a laser pointed on bits of the register containing the key to perturb their value.
To counter a modification during the transfer, a solution is to reload the key in the cryptoprocessor as often as possible, generally on each new ciphering, or periodically. However, the key register of the cryptoprocessor remains sensitive to laser attacks.
To check the integrity of the key once it is in the cryptoprocessor, the simplest would be to read this key to control it outside of the cryptoprocessor. However, to protect the key against possible hacking attempts, the temporary storage element (register) which contains the key is generally only accessible in read mode from outside of the cryptoprocessor. The integrity check then amounts to checking the consistency of results obtained by two separate calculations using the key contained in the cryptoprocessor. These two calculations are either two cipherings of a same message with the key, or a ciphering followed by a deciphering.
However, the results of an integrity check mechanism may provide information to the attacker as to the value of the bits of the key. For example, if one of the bits of the key is modified in the key register and the old and new values of this bit are the same, the checking mechanism is incapable of noticing it, be the checking direct (by rereading) or indirect (by two separate calculations). This makes the key vulnerable to an attack or a perturbation known as a unidirectional perturbation, in which a bit of the key is forced to a single one of the possible values. For example, the attacked bit is forced to 0 whatever its initial state (1 or 0). The forcing of a bit to a single one of the two states may enable an attacker to determine the value of this bit according to whether his attack is or not detected (if it is not detected, then the actual bit of the key has the forced value—if it is detected, the actual bit of the key has the other state). By the repeating of this attack on each bit of the key, the value of said key can be obtained.
Further, a unidirectional attack may be simultaneously performed on several bits of a register, for example, by using several laser beams directed towards several cells of the register. The attacks targets registers used in the calculations. The countermeasures are thus relative to the used registers which, according to the algorithm, can only contain a portion of the message and/or of the key.